Skip to main content

Cyberattack forces 38,000 students to physically stand in line for new passwords

Around 38,000 students at a university in Germany have been told to physically line up for a new email password after the university’s servers were targeted by hackers.

Justus Liebig University (JLU) in Giessen, near Frankfurt, was hit by a malware attack earlier this month, prompting its IT staff to shut down all of its computer systems, ZDNet reported. The incident is currently being investigated by Germany’s Research Centre for Cyber Security, though information about the specific nature of the malware attack has yet to be disclosed.

Related Videos

Fearing that the malware may have reached its email server, the IT team decided to reset the passwords for all of the email accounts handled by the university.

But the only way the students can obtain their new password is by lining up at the university gym to collect it from staff. The passwords are reportedly being handed out on pieces of paper.

It appears that the somewhat low-tech method for resetting passwords is down to a German law that prevents educational establishments from giving out such information electronically.

The University in Gießen, Germany had a security incident that required resetting the passwords of 38000 students. Students are lining up to get their new passwords on paper, after identity verification. More about the incident on the bottom of this page:

— svbl (@svblxyz) December 17, 2019

To ensure that the delivery of the new passwords is performed in an orderly manner, the university has created a collection schedule stipulating a date and time based on an individual’s month of birth. It’s expected to take five days to complete the process of handing out the passwords to the thousands of people affected.

The malware attack is proving to be a real headache for staff at the university tasked with getting its computer systems up and running again. They’re currently using some 1,200 USB sticks loaded with anti-virus scanners to check each and every one of the university’s computers for the malware. The most recent reports said the IT team had to re-scan the machines last weekend after the anti-virus software received an update to make it more effective. Once a computer is deemed to be clean, it can be reconnected to the university’s network.

We trust that none of the passwords being handed out by the university are on the list of worst passwords for 2019. Announced this week by cybersecurity firm SplashData, they include “12345”, “123456”, “1234567” and, would you believe, “12345678”.

Oh, and if you’re using any of these, perhaps it’s time you switched to a password manager instead.

Editors' Recommendations

Hackers used 30,000 computers for record-breaking DDoS attack
An illustration of a grid of devices with one in red, infected device highlighted.

Hackers launched a record-breaking distributed denial of service (DDoS) attack over the weekend, employing a network of botnets to make requests from over 30,000 IP addresses.

While that isn't a big network of computers, the onslaught was able to exceed 71 million requests per second (rps), surpassing the previous record of 46 million rps set in June 2022 by 35%. This is what's known as a volumetric attack that consumes the target website's bandwidth by sending large amounts of data from multiple sources at once.

Read more
Experts fear ChatGPT will soon be used in devastating cyberattacks
The ChatGPT name next to an OpenAI logo on a black and white background.

ChatGPT has taken the world by storm in recent months, but just as it has amazed people with its technical capabilities, concerns have also been raised over its potential misuse. Now, it seems some IT leaders are worried it will soon be used in major cyberattacks, with the potential to cause devastation in the future.

In a survey of 1,500 IT and cybersecurity professionals conducted by BlackBerry, 51% of respondents believed that ChatGPT will be responsible for a successful cyberattack in the next 12 months. As much as 78% feel that attack will happen within two years, while a handful think it could happen within the next few months.

Read more
This huge password manager exploit may never get fixed
A large monitor displaying a security hacking breach warning.

It’s been a bad few months for password managers -- albeit mostly just for LastPass. But after the revelations that LastPass had suffered a major breach, attention is now turning to open-source manager KeePass.

Accusations have been flying that a new vulnerability allows hackers to surreptitiously steal a user’s entire password database in unencrypted plaintext. That’s an incredibly serious claim, but KeePass’s developers are disputing it.

Read more